Open tiagodread opened 3 years ago
@AlexSCorey - Upon investigation, Tiago and I noticed that the Associate button on the Groups tab inside of a host is no longer present in the DOM, even for an Admin user. I am reopening this so it can be addressed.
it seems that the auditor can attempt to associate a group, but the api isn't actually allowing it if you try.
Filling this as an api bug as it seems that the api is misreporting the permissions. If I hit /hosts/id/groups
both super user and system auditor have associate and disassociate permissions and if I hit /hosts/is/all_groups
neither can associate/disassociate. However, if I actually try to associate a group as a system auditor by hitting /hosts/id/groups
the api will not allow it and sends a 403.
ISSUE TYPE
SUMMARY
The Add button is enable to auditors users
ENVIRONMENT
STEPS TO REPRODUCE
EXPECTED RESULTS
Add button to be disabled
ACTUAL RESULTS